Prof Ankit Gangwal (IIIT Hyderabad): “Stealing Credentials from Mobile Password Managers”

2 July 2024, 14-15 h in PB-H 0103

This talk focuses on modern mobile password managers and presents a novel attack called AutoSpill (Best Paper Award at CODASPY ’23 and BlackHat EU Briefings ’23). AutoSpill on Android password managers leaks users’ saved credentials during an autofill operation. AutoSpill conveniently dodges Android’s secure autofill process and allows the attacker to get user credentials for free, i.e., the attacker does not even need to write the code to steal/phish credentials. The majority of popular Android password managers we considered in our experiments were found vulnerable to AutoSpill. Finally, the talk concludes with various practical countermeasures for our attack.

Prof. Ankit Gangwal, International Institute of Information Technology (IIIT) Hyderabad, India

Ankit Gangwal is an Assistant Professor at the International Institute of Information Technology (IIIT) Hyderabad, India. Prior to joining IIIT Hyderabad, he was a Post-Doctoral Researcher at TU Delft, Netherlands. He was also a visiting researcher at Stevens Institute of Technology, USA. He received his Ph.D. degree from the University of Padova, Italy. His main research interests are in the areas of cybersecurity, machine learning model security, and blockchains.

Jan Söhlke

Dr. Jan Söhlke is the head of communication and staff photographer at ZESS, as well as the Scientific Coordinator for the DFG Research Unit 'Learning to Sense' (FOR 5336).

Following his doctoral studies at LMU Munich, he moved into science communication and the visual documentation of research environments. His work focuses on photographing complex scientific setups and high-tech infrastructure - translating engineering and academic projects into clear visual assets. In addition, he works as a freelance photographer for industrial and research-driven organizations. You can find his portfolio at https://jansoehlke.com/.
